Locked packages are basically like removable fixed packages, so we still
only load one version, but we do not require their installation unless
something the user needs requires their use. So they automatically get
removed if they are no longer needed on any update.
Instead of marking locked packages as fixed, we change the pool builder
to load only the locked version and treat it like a fixed package, but
removing the actual request fix, makes the solver treat it as a regular
optional dependency. As a consequence locked packages may be removed on
a partial update of another package, but they cannot be updated.
So far the ordering of alias packages with the same name was undefined
so the actual order was determined by implementation of the sorting
algorithm in PHP. As of PHP8 sort is stable by default which changes the
outcome in some of our test cases.
With the fully defined total order the order can longer change depending
on sorting algorithm used and remains the same across PHP versions.
* master:
Add tests for edge cases of packages providing names which exist as real packages
Add another test verifying that a package may provide an incompatible version of sth that actually exists
Fix provider coexistence test, needs another requirement to install both
Fix test filename to end with .test extension so it gets run
Update config section to note required scope for GitLab tokens
Fix pre/post-package-install/update/uninstall events receiving a partial list of operations, fixes#9079
Also remove credentials from cache dirs in git/svn drivers, fixes#7439, refs #9155
AuthHelper: Allow fall-through GitLab-specific HTTP headers for auth
Sanitize repo URLs to mask HTTP auth passwords from cache directory
Util/Zip: fix strpos args order
Previously, `AuthHelper` consumed the authentication credentials for GitLab domains and added access tokens as GitLab-specific headers.
[Composer repositories now supported in GitLab](https://php.watch/articles/composer-gitlab-repositories) require standard Authorization headers with a personal access to function, which failed to work due to out GitLab-specific headers.
With this commit, AuthHelper checks if the password is an access token, and falls through to HTTP basic authentication even if the domain name is a GitLab domain name.
* master: (59 commits)
Update deps
Reuse repository manager and others directly from the Composer instance, refs #9057
Fix usage of create-project with local filesystem repos
Fix return value
Add support for multiple --repository additions in create-project, and make --add-repository delete the lock file, fixes#8853
Remove cygwin php handling in UAC elevation
Clean up a little to make impl less invasive and to handle replacers/providers
Supply event dispatcher in Create Project Command
Avoid attempting to use /etc/xdg as base config home, fixes#9053, refs #9045
Create an issue @ Docker repository on tag
Mark transaction classes internal, refs #8827
Prepare 1.10.9 release
Remove highest/lowest builds for 1.10 maintenance branch
Fix bitbucket detection of redirects to login page, fixes#9041
Fix doc comment
Fixed spelling mistake
Add Windows UAC elevation to self-update command
GitLab: clarify interactive auth prompt
Improve support for XDG and default to XDG config dir if both that and ~/.composer are available, fixes#9045Fix#9033 - inconsistent behavior with minor-only flag
...
* RemoteFilesystemTest: simplifying some mock expectations calls
- will($this->returnValue()) to willReturn()
- will($this->returnCallBack()) to willReturnCallback()
* RemoteFilesystemTest: extracting identical mocks for IOInterface into a separate getIOInterfaceMock() method
* RemoteFilesystemTest: converting protected helper methods to private.
* RemoteFilesystemTest: moving getConfigMock() private method after the public methods (with other private methods)
* adding RemoteFileSystemTest::testCopyWithRetryAuthFailureFalse() unit test.
* Allow optional injecting of AuthHelper into RemoteFilesystem constructor.
* adding RemoteFileSystemTest::testCopyWithSuccessOnRetry() unit test.
* using backward compatible @expectedException in RemoteFilesystemTest.php
* RemoteFilesystemTest: extracting RemoteFilesystem with mocked method creation into a separate method.
* RemoteFilesystemTest: extracting AuthHelper with mocked method creation into a separate method.
* Add AuthHelper::addAuthenticationHeader() test on missing authentication credentials.
* Add AuthHelper::addAuthenticationHeader() test on bearer password.
* Add AuthHelper::addAuthenticationHeader() test on Github token.
* Add AuthHelper::addAuthenticationHeader() test on Gitlab Oauth token.
* Add $authenticationDisplayMessage write expectation to AuthHelper::addAuthenticationHeader() tests.
* Add AuthHelper::addAuthenticationHeader() test on Gitlab private token.
* Add AuthHelper::addAuthenticationHeader() test on Bitbucket Oauth token.
* Add AuthHelper::addAuthenticationHeader() test on Bitbucket public urls.
* Add AuthHelper::addAuthenticationHeader() test on Basic Http Authentication.
* Add AuthHelper::isPublicBitBucketDownload() tests.
* Rename AuthHelperTest $credentials variable to $auth.
* Add AuthHelper::storeAuth() test for auto-store option.
* Add AuthHelper::storeAuth() test for user prompt and y(es) answer.
* Add AuthHelper::storeAuth() test for user prompt and n(o) answer.
* Add AuthHelper::storeAuth() test for user prompt with invalid answer.
* Add AuthHelper::promptAuthIfNeeded() test for Github authentication failure.
- add GitHub hard dependency mock (new GitHub(...) mock)
* Run AuthHelper::promptAuthIfNeeded() tests only with PHP > 5.3
* Run AuthHelper::promptAuthIfNeeded() tests only with PHP >= 5.4
* Run AuthHelper::promptAuthIfNeeded() tests only with PHP 5.4
* Exclude PHPStan analyses of '../tests/Composer/Test/Util/Mocks/*'
* Exclude AuthHelper::promptAuthIfNeeded() tests from current pull request.
* Extract repetitive AuthHelperTest authentication expectation into a method.
PackageSorter weighs the importance of a package
by counting how many times it is required by other packages.
This works by calculating the weight for each package name.
However currently the package index of the package array
is currently passed the weigh function, which basically
disables package sorting.
The reason for that is, that a package repository previously
returned the package list as associative array with package name as keys,
but currently just as an array with integer keys.
Therefore we must extract the package name from the package
before passing it to the weigh function.